g-smooth2k
02-27-2005, 02:58 PM
Information Provided by Bleeping Computer
Introduction
The Internet is a scary place. Criminals on the Internet have the ability to hide behind their computers, or even other people's computers, while they attempt to break into your computer to steal personal information or to use it for their own purposes. To make matters worse, there always seems to be a security hole in your software or operating system that is not fixed fast enough that could potentially allow someone to hack into your computer. Where does this leave you? Are you supposed to cancel your Internet access, or is there something you can do to protect yourself?
The answer is that you can protect yourself with a firewall. In the past, firewalls were expensive pieces of hardware that only companies would use. Most people were not on the Internet, and if they were, they were connected via dial-up, which is not fast enough for most hackers' purposes. Therefore, hackers predominantly targeted companies, which normally had larger pools of available bandwidth. Now, with almost everyone being able to connect to the Internet, and many with extremely fast and cheap bandwidth, hackers tend to target home users, as they are more apt to not secure their computers properly and thus become easy targets. With this in mind, developers have created cheap but powerful firewall solutions for home users to protect themselves.
This tutorial will help to increase your knowledge on how to protect yourself with a firewall so you are not an easy target to hackers and viruses in the future.
The Firewall
A firewall is a hardware device or software application that sits between your computer and the Internet and blocks all Internet traffic from reaching your computer that you have not specifically requested. What this means is that if you browse to a web site, the firewall will allow the traffic from that web site to reach your computer and therefore yourself. On the other hand, if you did not request information from that web site, and the web site sent traffic to you, it would be denied from reaching your computer because you did not specifically ask for it. This behavior can be changed if you wish, and we will discuss that further in the document.
Firewalls for the home user can either be a piece of hardware or a piece of software. The differences will be discussed below.
A Hardware Firewall is a device that sits between your Internet connection and the rest of the computers plugged into it. These firewalls usually come with a built-in hub that allows you to connect multiple computers to it so that they can all share one Internet connection. These firewalls provide protection to all the computers connected to them using a technology called Network Address Translation, or NAT. This protection works by having all the protected machines use private IP addresses, such as 192.168.1.X, that cannot be reached via the Internet. The firewall then converts these internal IP addresses to the single public IP address that is assigned to the firewall. This makes it so that your hardware firewall accepts all incoming requests you asked for and then forwards them on to the requesting internal computer. Using this method, outside machines are never able to connect directly to your computers.
A Personal Firewall is a piece of software installed on each computer that needs to be protected. This software then filters all incoming, and sometimes outgoing, traffic and allows only data that has been requested or explicitly allowed to pass through. Personal firewalls tend to be more feature rich than hardware versions, but they do not have the ability to allow you to share your Internet connection with multiple computers on the network.
The decision as to which type of firewall to use depends on what you plan on using it for. If you would like to protect just one computer, then a personal software-based firewall is more than adequate. If you would like to protect multiple computers, then a hardware-based solution may be most cost effective. Some people even state that you should use both a hardware firewall to protect your network and a personal firewall that further protects your computer. Though this is not a bad idea, it may be cost prohibitive for many users. If money is not an issue, then using both will add an extra level of security as well as provide you with the greater functionality found in personal firewalls.
For the rest of this tutorial we will predominantly focus on personal firewalls that are installed on your computer, though many of the topics discussed here apply to hardware firewalls as well.
Firewall Features
When choosing your firewall, it is important to pay attention to what features it offers, as these features can make a large difference in how your computer is protected. For some people certain features are more important than others, but in terms of security the most important are inbound and outbound filtering, application protection, notifications, and stealth mode. These features and others will be discussed below:
Inbound and Outbound Filtering
Filtering is when a firewall examines information passing through it and determines if that information is allowed to be transmitted and received or should be discarded based on rules or filters that have been created. This is the primary function of a firewall, and how it handles these tasks is very important for your security. Most people feel inbound filtering, which is the processing of inbound data towards your computer, is the most important function of a firewall. Outbound filtering, though, plays just as important a role in securing your computer. You may have had malware installed on your computer without your knowledge, and suddenly when you install a firewall with outbound filtering, you will find that software on your computer is attempting to transmit data to a remote host somewhere on the Internet. Now, not only do you know that this software is installed, but the outbound filtering stopped it from passing on private information.
These filters can also be modified to allow certain computers on the Internet to reach your computer or for certain applications on your computer to transmit data to the Internet. How these rules should be modified is determined by your needs. For example, if you would like remote users to be able to connect to you remotely using Remote Desktop, you will need to open up the port associated with Remote Desktop, which is TCP port 3389, in order for your firewall to allow that traffic to flow through. An example of this can be seen below, where a particular remote computer is given permission to access the computer behind the firewall.
http://img.photobucket.com/albums/v314/g-smooth2k/firewall_diag.gif
Figure 1. Example of a Firewall allowing a remote computer access to a computer behind a firewall
Stealth Mode
It is important for your firewall to not only block requests to reach your computer, but to also make it appear as if your computer does not even exist on the Internet. When you are connected to the Internet and your computer cannot be detected via probes to your computer, you are in what is called Stealth mode. Hackers have the ability to detect if you are on the Internet by probing your machine with special data and examining the results. When you are in Stealth mode, the firewall does not send this information back, making it seem like you are not even connected. Due to this, hackers will not continue targeting your computer as they will think you are not online.
Privacy protection
Many firewalls now have the ability to block spyware, hijackers, and adware from reaching your computer. This allows you to protect your computer from being infected with software that is known to reveal private information about what you do on the Internet or other computing habits. These features are usually bundled into the commercial versions of the firewall software packages.
Application Integrity
Application Integrity is when the firewall monitors the files on your computer for modifications to the files themselves or to how they are launched. When it detects such a change, it will notify the user and not allow that application to run or transmit data to the Internet. Many times these modifications may have been part of an upgrade, but if a file was modified by a malicious program you will now be made aware of it.
Intrusion detection
Intruders use various methods to penetrate the security of your computer. Intrusion detection scans incoming data for signatures of known methods and notifies you when such attacks are recognized. This allows you to see what means a hacker is trying to use to hack your computer.
Notifications
Notifications allow you to see the activity of what is happening on your firewall and for the firewall to notify you in various ways about possible penetration attempts on your computer.
Firewall Monitoring and Good Practice
Monitoring
Regardless of the firewall you use, it is good practice to monitor the firewall logs occasionally. With good monitoring of your logs you will increase your security immediately. Statistically most hacks could have been avoided if people monitored their logs, as most hackers will probe a computer before they hack it. If an administrator of the computer had noticed these probes, they may have been able to determine if their computers were vulnerable to what was being probed for. When you first install your firewall and examine the logs, you will be simply amazed at the number of people who are attempting to access your computer without your knowledge.
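The log review described under Monitoring can be sketched as follows. This is an added example, not part of the original tutorial: the log layout, the IP addresses and the function names are constructed assumptions and do not match any particular firewall product.

```python
from collections import defaultdict

# Constructed sample log, not output from any real firewall product.
# Assumed layout: date time action protocol src-ip dst-ip src-port dst-port
SAMPLE_LOG = """\
2005-02-27 14:58:01 DROP TCP 203.0.113.7 192.168.1.10 40312 135
2005-02-27 14:58:01 DROP TCP 203.0.113.7 192.168.1.10 40313 139
2005-02-27 14:58:02 DROP TCP 203.0.113.7 192.168.1.10 40314 445
2005-02-27 14:58:02 DROP TCP 203.0.113.7 192.168.1.10 40315 3389
2005-02-27 15:02:10 ALLOW TCP 192.168.1.10 198.51.100.20 1045 80
2005-02-27 15:03:44 DROP UDP 198.51.100.99 192.168.1.10 1026 1434
2005-02-27 15:04:00 DROP TCP 198.51.100.99 192.168.1.10 2200 1434
-- log rotated --
2005-02-27 15:10:30 ALLOW TCP 203.0.113.50 192.168.1.10 51000 3389
"""

def parse_line(line):
    """Return a dict for a well-formed entry, or None for anything else."""
    parts = line.split()
    if len(parts) != 8 or not (parts[6].isdigit() and parts[7].isdigit()):
        return None
    return {"action": parts[2].upper(), "src": parts[4],
            "dst": parts[5], "dport": int(parts[7])}

def find_probers(log_text, local_ip, min_ports=3):
    """Map each remote source to the distinct local ports it was blocked on,
    keeping only sources that tried at least min_ports different ports."""
    ports_by_src = defaultdict(set)
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and entry["action"] == "DROP" and entry["dst"] == local_ip:
            ports_by_src[entry["src"]].add(entry["dport"])
    return {src: sorted(ports) for src, ports in ports_by_src.items()
            if len(ports) >= min_ports}

def probed_and_open(probers, open_ports):
    """For each prober, list the probed ports this computer deliberately
    exposes, i.e. the ones worth checking for known weaknesses."""
    hits = {src: [p for p in ports if p in open_ports]
            for src, ports in probers.items()}
    return {src: ports for src, ports in hits.items() if ports}

if __name__ == "__main__":
    probers = find_probers(SAMPLE_LOG, "192.168.1.10")
    for src, ports in probers.items():
        print(f"{src} was blocked on ports {ports}")
    # Assumption: Remote Desktop (TCP 3389) is the only port opened inbound.
    print("probed and open:", probed_and_open(probers, {3389}))
```

A source that was blocked on a port you have also opened for someone else, such as 3389 here, is the case the paragraph above is about: the probe tells you which service to check.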
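The filtering behaviour described under Inbound and Outbound Filtering, including the Remote Desktop rule from Figure 1, can be modelled in a few lines. This is an added example, not part of the original tutorial and not how any specific firewall is implemented: the class names and addresses are hypothetical, and outbound rules are keyed on destination port rather than on the sending application to keep the model small.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    direction: str    # "in" or "out", relative to the protected computer
    proto: str
    remote_ip: str
    remote_port: int
    local_port: int

@dataclass
class Firewall:
    # Explicit inbound exceptions: (proto, remote_ip, local_port)
    inbound_allow: set = field(default_factory=set)
    # Permitted outbound destinations: (proto, remote_port)
    outbound_allow: set = field(default_factory=set)
    # Flows the protected computer opened itself
    requested: set = field(default_factory=set)

    def decide(self, pkt):
        flow = (pkt.proto, pkt.remote_ip, pkt.remote_port, pkt.local_port)
        if pkt.direction == "out":
            if (pkt.proto, pkt.remote_port) not in self.outbound_allow:
                return "BLOCK"          # outbound filtering: unexpected sender
            self.requested.add(flow)    # remember what we asked for
            return "ALLOW"
        if flow in self.requested:
            return "ALLOW"              # reply to traffic we requested
        if (pkt.proto, pkt.remote_ip, pkt.local_port) in self.inbound_allow:
            return "ALLOW"              # explicit exception, as in Figure 1
        return "BLOCK"                  # everything else inbound is dropped

def demo():
    # Constructed addresses: 203.0.113.50 is the one remote computer that
    # has been given permission to use Remote Desktop (TCP 3389).
    fw = Firewall(inbound_allow={("tcp", "203.0.113.50", 3389)},
                  outbound_allow={("tcp", 80), ("tcp", 443)})
    packets = [
        Packet("in", "tcp", "198.51.100.20", 80, 1045),    # unsolicited
        Packet("out", "tcp", "198.51.100.20", 80, 1045),   # we browse to it
        Packet("in", "tcp", "198.51.100.20", 80, 1045),    # its reply
        Packet("in", "tcp", "203.0.113.50", 51000, 3389),  # permitted host
        Packet("in", "tcp", "203.0.113.7", 40315, 3389),   # any other host
        Packet("out", "tcp", "192.0.2.66", 6667, 1050),    # unknown software
    ]
    return [fw.decide(p) for p in packets]

if __name__ == "__main__":
    print(demo())
```

The same web server is blocked before the browser's request and allowed after it, while port 3389 stays closed to every address except the one named in the rule.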